
Fragmentation Attack

Fragmentation is the process of splitting a packet into fragments. This technique is
usually adopted when the IDS and the host are configured with different reassembly
timeouts. For example, if an IDS is configured with a 10-second timeout whereas the
host is configured with a 20-second timeout, sending the fragments with a 15-second
delay between them bypasses reassembly at the IDS while the host still reassembles them.
Similarly, overlapping fragments can be sent. In overlapping fragmentation, fragments
are sent whose TCP sequence numbers overlap. How these overlapping fragments are
reassembled depends on how the operating system is configured to do it: the host OS
may favour the original fragment, whereas IOS devices may favour the subsequent
fragment according to its offset.
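The two ambiguities described above can be modelled with a few lines. The following is an added example, not code from the original page: a small fragment reassembler whose `timeout` and `policy` parameters stand in for the IDS and host settings (the 10 s, 20 s and 15 s values are the page's; the payload bytes and the "first"/"last" policy names are constructed for the model). It shows that the same fragment train yields no datagram at a 10 s reassembler but a complete one at a 20 s reassembler, and that overlapping bytes resolve differently under the two policies.

```python
"""IP fragment reassembly at an IDS versus at the end host.

Added illustration, not code from the original page. Fragment offsets are
byte offsets into the original payload and arrival times are in seconds;
the timeouts and overlap policies are hypothetical settings for a simple model.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Fragment:
    offset: int      # byte offset of this fragment within the original payload
    data: bytes
    seen_at: float   # arrival time in seconds, relative to the first fragment


def reassemble(fragments: Iterable[Fragment], timeout: float,
               policy: str = "first") -> Optional[bytes]:
    """Rebuild one datagram from its fragments, or return None if it is incomplete.

    timeout: seconds the reassembler keeps partial state; a fragment arriving
             later than that after the first one finds the state already evicted.
    policy:  how bytes covered by more than one fragment are resolved.
             "first" keeps the byte from the fragment that arrived first,
             "last"  lets a later fragment overwrite it.
    """
    frags = sorted(fragments, key=lambda f: f.seen_at)
    if not frags:
        return None
    first_seen = frags[0].seen_at
    buf = {}                         # byte position -> byte value
    for f in frags:
        if f.seen_at - first_seen > timeout:
            return None              # partial state timed out before this fragment arrived
        for i, b in enumerate(f.data):
            pos = f.offset + i
            if policy == "last" or pos not in buf:
                buf[pos] = b
    if not buf:
        return None
    size = max(buf) + 1
    if len(buf) != size:             # a hole means the datagram is incomplete
        return None
    return bytes(buf[i] for i in range(size))


# Constructed sample 1: the page's timeout example, two fragments sent 15 s apart.
DELAYED = [Fragment(0, b"first half ", 0.0), Fragment(11, b"second half", 15.0)]


def timeout_mismatch():
    """(IDS view with a 10 s timeout, host view with a 20 s timeout)."""
    return reassemble(DELAYED, timeout=10), reassemble(DELAYED, timeout=20)


# Constructed sample 2: bytes 4..7 are covered by both fragments with different content.
OVERLAP = [
    Fragment(0, b"ABCDEFGH", 0.0),   # original fragment, bytes 0..7
    Fragment(4, b"wxyzIJKL", 0.1),   # subsequent fragment, rewrites 4..7 and adds 8..11
]


def overlap_views():
    """(payload seen under the "first" policy, payload seen under the "last" policy)."""
    return (reassemble(OVERLAP, timeout=5, policy="first"),
            reassemble(OVERLAP, timeout=5, policy="last"))


if __name__ == "__main__":
    print("timeout mismatch:", timeout_mismatch())   # (None, b'first half second half')
    print("overlap policies:", overlap_views())      # (b'ABCDEFGHIJKL', b'ABCDwxyzIJKL')
```

The defensive conclusion is that an IDS must reassemble with the timeout and overlap policy of the host it protects, not with a single global default; target-based reassembly preprocessors (Snort's frag3, for instance) exist precisely so that the policy can be set per protected host.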

Denial-of-Service Attack (DoS)

Passive IDS devices are inherently fail-open rather than fail-closed. Taking advantage
of this limitation, an attacker may launch a denial-of-service attack on the network to
overload the IDS. To perform a DoS attack against an IDS, an attacker may use
CPU-exhaustion or memory-exhaustion techniques, for example by sending specially
crafted packets that consume extra CPU resources or by sending a large number of
fragmented, out-of-order packets.
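The memory-exhaustion variant works because each half-finished datagram costs the IDS state. One mitigation is to bound that state explicitly. The following is an added example, not code from the original page: a fragment-state table with a global cap and a per-source cap, where an over-budget source has its oldest pending datagram evicted and an alert recorded instead of the table growing until the sensor fails open. The budgets, the sample addresses and the traffic are constructed.

```python
"""Bounded fragment-state table: a memory-exhaustion mitigation for an IDS.

Added illustration, not code from the original page. Pending datagrams are keyed
by (source, IP identification); the budgets and the sample addresses are constructed.
Instead of letting the table grow until the IDS fails open, the oldest pending state
of an over-budget source is evicted and an alert is recorded.
"""
from collections import OrderedDict


class FragmentTable:
    def __init__(self, max_total: int = 1000, max_per_source: int = 100):
        self.max_total = max_total
        self.max_per_source = max_per_source
        self.pending = OrderedDict()     # (src, ip_id) -> [(offset, data), ...], oldest first
        self.per_source = {}             # src -> number of pending datagrams
        self.alerts = []                 # (src, reason) for every forced eviction

    def add(self, src: str, ip_id: int, offset: int, data: bytes) -> None:
        key = (src, ip_id)
        if key not in self.pending:
            if self.per_source.get(src, 0) >= self.max_per_source:
                self._evict_oldest(src, "per-source fragment budget exceeded")
            elif len(self.pending) >= self.max_total:
                self._evict_oldest(None, "global fragment table full")
            self.pending[key] = []
            self.per_source[src] = self.per_source.get(src, 0) + 1
        self.pending[key].append((offset, data))

    def _evict_oldest(self, src, reason: str) -> None:
        # OrderedDict iterates in insertion order, so the first matching key is the oldest.
        victim = next(k for k in self.pending if src is None or k[0] == src)
        del self.pending[victim]
        self.per_source[victim[0]] -= 1
        self.alerts.append((victim[0], reason))

    def pending_count(self, src=None) -> int:
        return len(self.pending) if src is None else self.per_source.get(src, 0)


def flood_demo() -> FragmentTable:
    """Constructed traffic: one source opens 5000 datagrams it never completes,
    then a second source sends three ordinary first fragments."""
    table = FragmentTable(max_total=1000, max_per_source=100)
    for ip_id in range(5000):
        table.add("10.0.0.1", ip_id, 0, b"\x00" * 8)
    for ip_id in range(3):
        table.add("10.0.0.2", ip_id, 0, b"\x00" * 8)
    return table


if __name__ == "__main__":
    t = flood_demo()
    print(t.pending_count("10.0.0.1"), t.pending_count("10.0.0.2"), len(t.alerts))
```

With these budgets the flooding source never holds more than 100 entries, the second source's fragments are still tracked, and 4900 eviction alerts tell the operator that a fragment flood is in progress rather than leaving the sensor silently short of memory.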

Obfuscating

Obfuscation is the encoding or encryption of the payload of a packet destined for a
target in such a way that the target host can reverse it but the IDS cannot. It allows
the end user to be exploited without alerting the IDS, using techniques such as
encoding, encryption and polymorphism. Encrypted protocols are not inspected by the IDS
unless the IDS is configured with the private key used by the server to encrypt the
packets. Similarly, an attacker may use polymorphic shellcode to create unique patterns
that evade the IDS.

False Positive Generation

A false positive is an alert raised for traffic that does not actually match the
condition or policy being checked for. An attacker may generate a large number of
false positive alerts by sending suspicious-looking packets, and hide the real
malicious packet among them so that it passes the IDS.

Session Splicing

Session splicing is a technique in which the attacker splits the traffic into a large
number of smaller packets in such a way that no single packet triggers an alert. A
slightly different variant adds a delay between the packets. This technique is
effective against IDSs that do not reassemble the packet sequence before checking it
for intrusions.
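The difference between an IDS that inspects packets one at a time and one that inspects the reassembled stream is easy to show. The following is an added example, not code from the original page: a per-packet matcher and a stream-aware matcher that carries the tail of the previous segments across boundaries, fed the same constructed payload split into segments of different sizes. The signature token and the payload are constructed.

```python
"""Per-packet versus stream-aware signature matching.

Added illustration, not code from the original page. A matcher that inspects each
TCP segment in isolation never sees a string that straddles segment boundaries; a
matcher that keeps the last len(signature)-1 bytes of what it has already seen does,
while its memory stays bounded however finely the sender splits the data.
"""
from typing import List

SIGNATURE = b"TEST-SIGNATURE"                                  # constructed signature token
PAYLOAD = b"harmless text with TEST-SIGNATURE inside it\r\n"   # constructed stream


def split_bytes(data: bytes, size: int) -> List[bytes]:
    """Constructed sender behaviour: split data into size-byte segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def per_packet_match(segments: List[bytes], signature: bytes = SIGNATURE) -> bool:
    """Naive detector: each segment is checked on its own."""
    return any(signature in seg for seg in segments)


class StreamMatcher:
    """Stream-aware detector: prepends the tail of earlier segments to each new one."""

    def __init__(self, signature: bytes):
        self.signature = signature
        self.tail = b""
        self.hits = 0

    def feed(self, segment: bytes) -> int:
        window = self.tail + segment
        # Any occurrence found here ends inside this segment, because the tail is
        # shorter than the signature, so no occurrence is counted twice.
        self.hits += window.count(self.signature)
        keep = len(self.signature) - 1
        self.tail = window[-keep:] if keep > 0 else b""
        return self.hits


def stream_hits(data: bytes, size: int, signature: bytes = SIGNATURE) -> int:
    """Number of signature occurrences a stream-aware IDS sees for data sent in size-byte segments."""
    matcher = StreamMatcher(signature)
    for seg in split_bytes(data, size):
        matcher.feed(seg)
    return matcher.hits


def compare(size: int):
    """(per-packet verdict, stream-aware hit count) for PAYLOAD sent in size-byte segments."""
    segments = split_bytes(PAYLOAD, size)
    return per_packet_match(segments), stream_hits(PAYLOAD, size)


if __name__ == "__main__":
    for size in (1, 4, 100):
        print(size, compare(size))   # 1 -> (False, 1), 4 -> (False, 1), 100 -> (True, 1)
```

Sent as one segment both detectors fire; sent one or four bytes at a time only the stream-aware one does. The same reasoning applies to the delay variant: stream state has a timeout just as fragment state does, and it has to be at least as long as the host's for the IDS to keep seeing what the host sees.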

Page 379 of 503


Unicode Evasion Technique

The Unicode evasion technique is another technique in which an attacker uses Unicode
to manipulate the IDS. Unicode is a character encoding, as described earlier in the
HTML Encoding section. Converting a string to Unicode characters can avoid signature
matching and alerting by the IDS, thus bypassing the detection system.
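Both the encoding form of obfuscation described in the Obfuscating section and the Unicode evasion described here are defeated by the same defensive step: decode and normalise the bytes before matching the signature. The following is an added example, not code from the original page, serving both sections: a raw-bytes matcher and a canonicalising matcher run over constructed samples of one token written in plain, percent-encoded, double-encoded, `%uXXXX`, overlong UTF-8 and fullwidth forms. The signature token, the sample requests and the helper names are constructed; the `%uXXXX` form is non-standard but has been accepted by some servers, and overlong UTF-8 is rejected by strict decoders but must be mirrored by the IDS when a protected target accepts it.

```python
"""Canonicalise request bytes before signature matching.

Added illustration, not code from the original page. The signature token and
the sample requests are constructed. A matcher applied to the raw bytes misses
the same token written with percent-encoding, double encoding, the non-standard
%uXXXX form, overlong UTF-8 or fullwidth characters; a matcher that decodes and
normalises first sees all of them as the same string.
"""
import re
import unicodedata

_PCT = re.compile(rb"%([0-9A-Fa-f]{2})")
_PCT_U = re.compile(rb"%[uU]([0-9A-Fa-f]{4})")


def percent_decode(data: bytes) -> bytes:
    """One pass of %uXXXX and %XX decoding."""
    data = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)).encode("utf-8", "replace"), data)
    return _PCT.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def lenient_utf8_decode(data: bytes) -> str:
    """UTF-8 decoder that also accepts overlong sequences; malformed bytes become U+FFFD."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            n, cp = 0, b
        elif 0xC0 <= b <= 0xDF:
            n, cp = 1, b & 0x1F
        elif 0xE0 <= b <= 0xEF:
            n, cp = 2, b & 0x0F
        elif 0xF0 <= b <= 0xF7:
            n, cp = 3, b & 0x07
        else:
            out.append("\ufffd")
            i += 1
            continue
        cont = data[i + 1:i + 1 + n]
        if len(cont) != n or any(not 0x80 <= c <= 0xBF for c in cont):
            out.append("\ufffd")
            i += 1
            continue
        for c in cont:
            cp = (cp << 6) | (c & 0x3F)
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += 1 + n
    return "".join(out)


def canonicalize(raw: bytes, max_rounds: int = 3) -> str:
    """Percent-decode until stable (undoing double encoding), decode leniently,
    then apply NFKC so fullwidth and other compatibility forms fold to ASCII."""
    data = raw
    for _ in range(max_rounds):
        decoded = percent_decode(data)
        if decoded == data:
            break
        data = decoded
    return unicodedata.normalize("NFKC", lenient_utf8_decode(data)).lower()


SIGNATURE = "../"   # constructed signature: a directory-traversal token


def raw_match(raw: bytes) -> bool:
    return SIGNATURE.encode() in raw


def normalized_match(raw: bytes) -> bool:
    return SIGNATURE in canonicalize(raw)


# Constructed samples: the same token in six encodings.
SAMPLES = {
    "plain":     b"../etc",
    "percent":   b"%2e%2e%2fetc",
    "double":    b"%252e%252e%252fetc",
    "percent_u": b"..%u002fetc",
    "overlong":  b"..%c0%afetc",
    "fullwidth": "..\uff0fetc".encode("utf-8"),
}


def evaluate(samples=SAMPLES):
    """{name: (raw matcher fired, canonicalising matcher fired)} for each sample."""
    return {name: (raw_match(raw), normalized_match(raw)) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:10s} raw={verdict[0]!s:5s} normalized={verdict[1]}")
```

Only the plain form trips the raw matcher; the canonicalising matcher fires on all six. The design point is that normalisation must reproduce what the protected target will do with the bytes, which is why the decoder here is deliberately permissive: an IDS that decodes more strictly than the server creates exactly the view mismatch the evasion relies on.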

Mind Map

Page 380 of 503
